You are here

More people become targets after emails compromised

With the recent breach of Epsilon's data from about 50 companies where email addresses and names of company clients were released, criminals now have easier targets for possible scams.

"Epsilon maintains all that was compromised was names and email addresses," said Thomas Foss, director of Center for Information Assurance at Catawba Valley Community College. "However, it appears evidently compromised were the company IDs that people had relationships with."

For example, if an individual has a Best Buy Rewards Zone card with points on it from purchases, this information could also have been obtained by Epsilon hackers. In this case, Foss said it's possible for the criminals to send a person an email with a rewards points balance in the content, which can make the receiver think the email actually came from Best Buy.

"(Officials) are warning people to be careful about emails from people with whom you have business relationships with online because, if you didn't initiate contact, it might be a scam," Foss said. "The more information the bad guys have, the better job they can do at targeting you."

After the March 30 breach with Epsilon's files, the company notified clients who were affected by the incident. Epsilon serves about 2,500 companies and sends about 40 billion emails a year on behalf of its business partners for marketing purposes.

Because of notification laws in North Carolina and the United States, anyone with business relationships with one of Epsilon's clients that was victim to the breach was notified that their email address and name could possibly be included data that was hacked.

Foss explained that the email notification needs to serve as a reminder to consumers to never click on a link in a business email, because most of the time, companies do not send business emails with a link.

"Go to the company website and look up (information) directly," Foss said.

In addition to remembering email safety, Foss said this is also a lesson for businesses.

"Businesses need to be more responsible with how data is protected," he said. "It's important that these businesses have a follow-up process in place to ensure (the third party) is a responsible party following proper procedures."

The Jackson Group, in Hickory, is an area business who might see side effects from Epsilon's breach.

Alan Jackson, president and CEO of The Jackson Group, said his business hasn't seen a direct impact from the recent incident, but wonders if it will hurt email surveys the company attempts in the future.

"We do a lot of research surveys and those do happen through email," Jackson said. "The biggest concern for us is that it's going to make people more suspect to emails they get."

With the expected increase in email spam after Epsilon's breach in March, Jackson said more people will have a harder time sorting through real and spam email.

"The more spam people get, the easier it is for things to fall through the cracks," he said.

Like Foss suggested, Jackson also encourages the public to take time to review emails carefully and to try and identify where a link will take you before clicking on it in any email.

"A good general rule of thumb is that if the email looks like it could be legitimate, it's important to read it and find the purpose behind it," Jackson said. "Read instructions and see where things are coming from. Hopefully, firms like us are going to be explaining how they got the email addresses."

The Epsilon breach is under investigation, and as of now, the company does not think more than 50 business files were compromised.